Test ID:	1.3.6.1.4.1.25623.1.1.2.2019.1710
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for keepalived (EulerOS-SA-2019-1710)
Summary:	The remote host is missing an update for the Huawei EulerOS 'keepalived' package(s) announced via the EulerOS-SA-2019-1710 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'keepalived' package(s) announced via the EulerOS-SA-2019-1710 advisory. Vulnerability Insight: Heap-based buffer overflow vulnerability in extract_status_code() function in lib/html.c that parses HTTP status code returned from web server allows malicious web server or man-in-the-middle attacker pretending to be a web server to cause either a denial of service or potentially execute arbitrary code on keepalived load balancer.(CVE-2018-19115) Affected Software/OS: 'keepalived' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-19115 https://security.gentoo.org/glsa/201903-01 https://bugzilla.suse.com/show_bug.cgi?id=1015141 https://github.com/acassen/keepalived/pull/961 https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9 https://lists.debian.org/debian-lts-announce/2018/11/msg00034.html RedHat Security Advisories: RHSA-2019:0022 https://access.redhat.com/errata/RHSA-2019:0022 RedHat Security Advisories: RHSA-2019:1792 https://access.redhat.com/errata/RHSA-2019:1792 RedHat Security Advisories: RHSA-2019:1945 https://access.redhat.com/errata/RHSA-2019:1945 https://usn.ubuntu.com/3995-1/ https://usn.ubuntu.com/3995-2/
Copyright	Copyright (C) 2020 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.